Nmap Development mailing list archives

Re: Nmap 4.20 on Mac OS X


From: "Kurt Grutzmacher" <grutz () jingojango net>
Date: Mon, 6 Nov 2006 18:39:14 -0800

$ sudo tcpdump -s 1500 -i en1 host scanme.insecure.org
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 1500 bytes
17:51:19.793055 IP 192.168.1.101 > scanme.nmap.org: ICMP echo request,
id 1722, seq 26044, length 8
17:51:19.793259 IP 192.168.1.101.35918 > scanme.nmap.org.http: . ack
1806637406 win 2048
17:51:19.808150 IP scanme.nmap.org > 192.168.1.101: ICMP echo reply,
id 1722, seq 26044, length 8
17:51:20.793436 IP 192.168.1.101 > scanme.nmap.org: ICMP echo request,
id 1722, seq 26300, length 8
17:51:20.793582 IP 192.168.1.101.35914 > scanme.nmap.org.http: . ack
2247039390 win 2048
17:51:20.809035 IP scanme.nmap.org > 192.168.1.101: ICMP echo reply,
id 1722, seq 26300, length 8
17:51:20.813024 IP scanme.nmap.org.http > 192.168.1.101.35914: R
2247039390:2247039390(0) win 0


$ sudo ./nmap -sS scanme.insecure.org --packet_trace

Starting Nmap 4.20ALPHA5 ( http://insecure.org/nmap/ ) at 2006-11-06 17:51 PST
SENT (0.0400s) ICMP 192.168.1.101 > 205.217.153.62 Echo request
(type=8/code=0) ttl=42 id=34357 iplen=7168
SENT (0.0400s) TCP 192.168.1.101:35918 > 205.217.153.62:80 A ttl=45
id=25921 iplen=10240  seq=3983481182 win=2048 ack=1806637406
SENT (1.0400s) ICMP 192.168.1.101 > 205.217.153.62 Echo request
(type=8/code=0) ttl=51 id=44438 iplen=7168
SENT (1.0410s) TCP 192.168.1.101:35914 > 205.217.153.62:80 A ttl=57
id=48556 iplen=10240  seq=3702462878 win=2048 ack=2247039390
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 2.041 seconds


When trying against a local device:

grutzImac:~/src/nmap/nmap-4.20ALPHA5-compiled grutz$ sudo ./nmap -sS
192.168.1.1 --packet_trace

Starting Nmap 4.20ALPHA5 ( http://insecure.org/nmap/ ) at 2006-11-06 18:28 PST
SENT (0.0720s) ARP who-has 192.168.1.1 tell 192.168.1.101
SENT (0.1730s) ARP who-has 192.168.1.1 tell 192.168.1.101
Note: Host seems down. If it is really up, but blocking our ping probes, try -P0
Nmap finished: 1 IP address (0 hosts up) scanned in 0.283 seconds


I see a lot of change in packet construction within tcpip.cc so I'll
start peeking and poking around there to see what's what. Subsequent
tests with 4.20ALPHA1 through 4.20ALPHA4 have shown no issues. My
previous statement of ALPHA4 having some issues appears to have been
isolated as I haven't been able to repeat it. ALPHA4 is definitely the
last version that worked.
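
An added example, not part of the original post or of Nmap's code: a check of the iplen values in the --packet_trace output above against the sizes such probes normally have. The expected sizes (28 bytes for the ICMP echo that tcpdump reports as length 8, 40 bytes for a TCP ACK without options) and the names check_iplen and swap16 are assumptions of this example.

```python
import re

# SENT records copied from the message above, with the mail client's
# line wrapping undone so that each record sits on one line.
TRACE = """\
SENT (0.0400s) ICMP 192.168.1.101 > 205.217.153.62 Echo request (type=8/code=0) ttl=42 id=34357 iplen=7168
SENT (0.0400s) TCP 192.168.1.101:35918 > 205.217.153.62:80 A ttl=45 id=25921 iplen=10240  seq=3983481182 win=2048 ack=1806637406
SENT (1.0400s) ICMP 192.168.1.101 > 205.217.153.62 Echo request (type=8/code=0) ttl=51 id=44438 iplen=7168
SENT (1.0410s) TCP 192.168.1.101:35914 > 205.217.153.62:80 A ttl=57 id=48556 iplen=10240  seq=3702462878 win=2048 ack=2247039390
"""

# Assumption: no IP or TCP options, so a 20-byte IP header plus an
# 8-byte ICMP echo (tcpdump shows "length 8") or a 20-byte TCP header.
EXPECTED = {"ICMP": 28, "TCP": 40}

SENT_RE = re.compile(r"^SENT \(([\d.]+)s\) (ICMP|TCP) .*\biplen=(\d+)")


def swap16(value):
    """Exchange the two bytes of a 16-bit field."""
    return ((value & 0xFF) << 8) | (value >> 8)


def check_iplen(trace):
    """Return (time, proto, iplen, verdict) for each SENT ICMP/TCP record."""
    results = []
    for line in trace.splitlines():
        m = SENT_RE.match(line)
        if not m:
            continue  # ARP records and banner lines carry no iplen
        when, proto, iplen = m.group(1), m.group(2), int(m.group(3))
        want = EXPECTED[proto]
        if iplen == want:
            verdict = "ok"
        elif swap16(iplen) == want:
            verdict = "byte-swapped"
        else:
            verdict = "unexpected"
        results.append((when, proto, iplen, verdict))
    return results


if __name__ == "__main__":
    for when, proto, iplen, verdict in check_iplen(TRACE):
        print(f"{when}s {proto:4} iplen={iplen:<5} swap16={swap16(iplen):<3} {verdict}")
```

All four records match the expected size only after the two bytes are exchanged (7168 is 0x1C00 and 28 is 0x001C; 10240 is 0x2800 and 40 is 0x0028), so the byte order of the IP total-length field is a natural first thing to compare between ALPHA4 and ALPHA5.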
